Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/BDV5h-uf036rT8MfxntggzJDzk8.roa
File:                     BDV5h-uf036rT8MfxntggzJDzk8.roa (raw, json)
Hash identifier:          AsJGU1Ra6YyFB2JUcIMbGcIplRsSDPkmgO4Z5bENLHY=
Subject key identifier:   04:35:79:87:EB:9F:D3:7E:AB:4F:C3:1F:C6:7B:60:83:32:43:CE:4F
Certificate issuer:       /CN=5ac466cc89f9db4e31c5400d2ae7a2bffdb22547
Certificate serial:       018CC3490C33D982DDA153AEFFFABBCA0E94
Authority key identifier: 5A:C4:66:CC:89:F9:DB:4E:31:C5:40:0D:2A:E7:A2:BF:FD:B2:25:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/BDV5h-uf036rT8MfxntggzJDzk8.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3549
IP address blocks:        2a06:6540:30c1::/48 maxlen: 48
                          2a06:6540:3041::/48 maxlen: 48
                          2a06:6540:2041::/48 maxlen: 48
                          2a06:6540:3081::/48 maxlen: 48
                          2a06:6540:3101::/48 maxlen: 48
                          2a06:6541:3002::/48 maxlen: 48
                          2a06:6540:3002::/48 maxlen: 48
                          2a06:6541:3041::/48 maxlen: 48
                          2a06:6541:30c1::/48 maxlen: 48
                          2a06:6541:3101::/48 maxlen: 48
                          2a06:6541:2041::/48 maxlen: 48
                          2a06:6541:3081::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 01 Jan 2025 01:48:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0c:33:d9:82:dd:a1:53:ae:ff:fa:bb:ca:0e:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ac466cc89f9db4e31c5400d2ae7a2bffdb22547
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04357987eb9fd37eab4fc31fc67b60833243ce4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:a9:af:cd:68:54:a7:95:5a:bb:a8:8d:55:10:
                    5a:69:75:b1:08:8b:fc:d9:a8:b0:83:cb:2c:0f:e0:
                    3a:79:15:0d:eb:ff:04:1b:10:25:c3:71:a6:06:c6:
                    be:74:4d:03:92:ec:fd:18:2d:78:c4:6c:6f:a3:83:
                    43:96:6f:67:fb:98:51:b2:25:e9:43:53:da:7f:88:
                    ae:ee:7a:9f:0c:01:f0:8e:9d:67:6b:1e:78:30:b1:
                    9e:64:23:ec:2a:a2:69:dd:b6:79:59:09:74:ab:17:
                    ef:e5:67:46:af:16:f5:67:1d:64:a5:b9:c1:b6:23:
                    d1:d1:95:12:b7:06:eb:8a:bc:76:18:cd:cf:56:14:
                    59:63:dd:84:15:fe:a3:01:d6:ce:e3:0c:fe:0b:f6:
                    cc:6c:3f:2b:33:56:5f:20:0c:06:9b:cf:77:af:51:
                    69:15:59:b8:c9:b8:b3:bb:89:1c:d3:de:61:dc:5e:
                    e1:e7:52:40:60:c4:a4:f2:47:d4:92:5c:b4:67:01:
                    f1:f5:e1:ef:f4:ff:49:35:ce:2c:8e:34:04:91:52:
                    f8:1a:e0:59:42:8d:f1:25:62:20:1c:28:4a:ea:2a:
                    85:62:36:3b:4c:8d:b0:e9:02:f7:6b:99:c6:0e:f6:
                    6c:72:43:7d:42:76:53:51:3f:40:e4:4c:28:b9:49:
                    5f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:35:79:87:EB:9F:D3:7E:AB:4F:C3:1F:C6:7B:60:83:32:43:CE:4F
            X509v3 Authority Key Identifier:
                keyid:5A:C4:66:CC:89:F9:DB:4E:31:C5:40:0D:2A:E7:A2:BF:FD:B2:25:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WsRmzIn5204xxUANKueiv_2yJUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/BDV5h-uf036rT8MfxntggzJDzk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/e29c87-4683-443e-883f-9abd1aa64be1/1/WsRmzIn5204xxUANKueiv_2yJUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:6540:2041::/48
                  2a06:6540:3002::/48
                  2a06:6540:3041::/48
                  2a06:6540:3081::/48
                  2a06:6540:30c1::/48
                  2a06:6540:3101::/48
                  2a06:6541:2041::/48
                  2a06:6541:3002::/48
                  2a06:6541:3041::/48
                  2a06:6541:3081::/48
                  2a06:6541:30c1::/48
                  2a06:6541:3101::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:5e:fc:7d:aa:86:90:45:78:4d:b0:01:e9:ab:40:77:bb:94:
         51:0a:7d:45:d0:be:6b:31:1a:27:39:26:a3:b5:ab:97:7f:7f:
         ec:7a:cc:01:fa:77:71:f1:b5:ab:61:6e:1b:91:5b:69:c6:01:
         35:8a:8f:35:39:b2:10:39:f7:87:e1:cb:a7:ef:f7:a3:52:3b:
         f9:d6:cd:4b:c1:45:a3:53:92:c4:54:e3:85:3a:ae:fc:00:81:
         41:eb:cd:fc:f7:8b:6a:db:b6:98:6f:c8:94:15:4d:b6:10:aa:
         db:b2:e4:e4:7a:d0:32:9c:3d:c8:8b:e7:d4:2d:2f:78:56:8a:
         10:28:34:29:ef:a3:ea:18:bc:7b:7e:b7:e1:a7:f4:d5:9a:82:
         17:dc:47:cb:ea:6f:6f:9d:d5:13:d4:8c:85:d1:50:3b:e5:bd:
         d7:10:f0:76:e6:5a:fb:25:c6:c1:7d:f8:03:51:a5:0e:7f:41:
         79:2c:29:40:c7:92:33:e0:64:8a:ec:03:02:37:c4:9b:35:59:
         2c:07:e9:df:58:4c:ba:ec:2f:64:ce:df:e8:f9:53:c3:bb:6b:
         49:7b:8f:7a:f2:39:45:3f:26:65:bc:b4:b1:d3:84:dd:de:65:
         28:c0:37:51:47:40:fc:7a:d4:58:48:f9:ec:5a:50:bb:45:94:
         f5:32:f2:cf
-----BEGIN CERTIFICATE-----
MIIFZDCCBEygAwIBAgISAYzDSQwz2YLdoVOu//q7yg6UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhYzQ2NmNjODlmOWRiNGUzMWM1NDAwZDJhZTdhMmJmZmRi
MjI1NDcwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDM1Nzk4N2ViOWZkMzdlYWI0ZmMzMWZjNjdiNjA4MzMyNDNjZTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKmvzWhUp5Vau6iNVRBaaXWxCIv8
2aiwg8ssD+A6eRUN6/8EGxAlw3GmBsa+dE0Dkuz9GC14xGxvo4NDlm9n+5hRsiXp
Q1Paf4iu7nqfDAHwjp1nax54MLGeZCPsKqJp3bZ5WQl0qxfv5WdGrxb1Zx1kpbnB
tiPR0ZUStwbrirx2GM3PVhRZY92EFf6jAdbO4wz+C/bMbD8rM1ZfIAwGm893r1Fp
FVm4ybizu4kc095h3F7h51JAYMSk8kfUkly0ZwHx9eHv9P9JNc4sjjQEkVL4GuBZ
Qo3xJWIgHChK6iqFYjY7TI2w6QL3a5nGDvZsckN9QnZTUT9A5EwouUlfdQIDAQAB
o4ICcDCCAmwwHQYDVR0OBBYEFAQ1eYfrn9N+q0/DH8Z7YIMyQ85PMB8GA1UdIwQY
MBaAFFrEZsyJ+dtOMcVADSrnor/9siVHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3NSbXpJbjUyMDR4eFVBTkt1ZWl2XzJ5SlVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9lMjljODctNDY4My00NDNlLTg4M2Yt
OWFiZDFhYTY0YmUxLzEvQkRWNWgtdWYwMzZyVDhNZnhudGdnekpEems4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9lMjljODctNDY4My00NDNlLTg4M2YtOWFiZDFhYTY0YmUx
LzEvV3NSbXpJbjUyMDR4eFVBTkt1ZWl2XzJ5SlVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGFBggrBgEFBQcBBwEB/wR2MHQwcgQCAAIwbAMHACoGZUAg
QQMHACoGZUAwAgMHACoGZUAwQQMHACoGZUAwgQMHACoGZUAwwQMHACoGZUAxAQMH
ACoGZUEgQQMHACoGZUEwAgMHACoGZUEwQQMHACoGZUEwgQMHACoGZUEwwQMHACoG
ZUExATANBgkqhkiG9w0BAQsFAAOCAQEAOF78faqGkEV4TbAB6atAd7uUUQp9RdC+
azEaJzkmo7Wrl39/7HrMAfp3cfG1q2FuG5FbacYBNYqPNTmyEDn3h+HLp+/3o1I7
+dbNS8FFo1OSxFTjhTqu/ACBQevN/PeLatu2mG/IlBVNthCq27Lk5HrQMpw9yIvn
1C0veFaKECg0Ke+j6hi8e3634af01ZqCF9xHy+pvb53VE9SMhdFQO+W91xDwduZa
+yXGwX34A1GlDn9BeSwpQMeSM+BkiuwDAjfEmzVZLAfp31hMuuwvZM7f6PlTw7tr
SXuPevI5RT8mZby0sdOE3d5lKMA3UUdA/HrUWEj57FpQu0WU9TLyzw==
-----END CERTIFICATE-----